Sr Wireless Network Engineer at a manufacturing company with 10,001+ employees
Real User
Gives us a single view, and integration with DNAC helps us troubleshoot from the client down to the packet
Pros and Cons
  • "For my use cases, the in-depth troubleshooting into why a client can't connect or why they failed, is very valuable. I can go back to someone and say, 'Hey, it's not my network. It's their certificates or user error,' or something else."
  • "The opinion of my coworkers, and it's mine as well, is that the user interface could use some tender loving care. It seems counterintuitive sometimes. If you go to the logs, it's hard to figure out which one you need to look at."

What is our primary use case?

We use ISE primarily for RADIUS authentications on our wireless networks and VLAN segmentation for those users.

How has it helped my organization?

ISE makes things easier because we all work on one system and we all have the same views, so one person is not looking at a different system. We can all look at the same system and say, "Okay, go to this link." Also, you can integrate it with DNAC (Cisco DNA Center), which is something I am very into. It helps us troubleshoot from the client all the way down to the packet. DNAC can tell us, within ISE, when they're integrated, "This is the issue they're having," and we can report back.

It's great across a distributed network for securing access to all our apps and the network. We don't have to worry about which system is going through which access layer or which security system. We can just put everything into ISE. We don't have to separate the switches from the routers to the wireless. It's all just "one-stop, go." It used to be that our switches were in a separate system for authentication routers and the wireless was all on EAP. It was confusing. ISE consolidated all that.

What is most valuable?

For my use cases, the in-depth troubleshooting into why a client can't connect or why they failed, is very valuable. I can go back to someone and say, "Hey, it's not my network. It's their certificates or user error," or something else. For my coworkers the VLAN segmentation means a client got in, it dropped them into this VLAN, and that's where they belong. They can't get out. It makes things more efficient.

Also, the fact that ISE considers all resources to be external is very important. We use ISE in our retail environments for our payment sleds. We want our payment system to be secure. Zero Trust is our whole thing. It's great that everything is external to ISE and then everything has to go through the system.

What needs improvement?

The opinion of my coworkers, and it's mine as well, is that the user interface could use some tender loving care. It seems counterintuitive sometimes. If you go to the logs, it's hard to figure out which one you need to look at. My ISE admin probably has different ideas, but for us, that's the main complaint.

Buyer's Guide
Cisco ISE (Identity Services Engine)
March 2024
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.

For how long have I used the solution?

I've been using Cisco ISE (Identity Services Engine) for about 15 years.

What do I think about the stability of the solution?

Uptime is great. I don't have a complaint with ISE with uptime. It's been a rockstar. As far as I'm aware, we have probably had 95 percent uptime, or even 99 percent. Nothing is 100 percent. When there's an issue, it's usually not ISE.

What do I think about the scalability of the solution?

Scalability is our issue: keeping up with the number of licenses we need for customers and clients. That's our main concern right now. Part of that is on us and part of that is on ISE.

For us, ISE is global between retail stores, warehouses, and world headquarters. Our entire wireless network of over 30,000 devices uses it. In North America alone, we have 13,000 access points and usually around 60,000 clients.

How are customer service and support?

We've had some issues with support. We usually just get our account manager involved and they get the BU online.

It depends on the role of the dice and your TAC engineer and how well they understand the issue. We've had numerous cases where we decided to say, "Okay, escalate."

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We had ClearPass but we found some difficulties with it and those were things that ISE was better at, such as EAP authentication. We had some issues with how ClearPass interacted with the Cisco wireless environment. The merging of the two technologies was hard.

We have jumped around. We were Juniper, Aruba, and then a Cisco corporate environment, and then a mixed environment. We finally consolidated those between retail, warehouses, and our world headquarters, into a unified Cisco environment with ISE as our RADIUS backbone. ISE gave us what we needed to unify all of them. We finally shut down our last ClearPass server a couple of years ago.

What's my experience with pricing, setup cost, and licensing?

Being fully honest, the Cisco licensing model right now is really confusing. We don't know what licenses we have where. We have Smart licensing, but the different levels are way confusing.

There are different levels for different accesses. We have an enterprise license agreement with Cisco, but all the details of what we have with those licenses get confused in the massive amount of licenses we have, or in the different license levels we have for different geos, et cetera. The Smart license portal is there, but right now, we just don't have the time or manpower to put into that.

What other advice do I have?

I give it an eight out of 10 mostly because when you get in to start configuring the details, it's hard to find some stuff. Otherwise, it's a great platform.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Gustavo Pena - PeerSpot reviewer
Services Director at XByte SRL
Reseller
Improves security posture and reduces security gaps
Pros and Cons
  • "They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful."
  • "Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature."

What is our primary use case?

We are working with packets and A011X. In some cases, we also do profiling.

We are using this solution because we wanted to improve security and reduce security gaps. This is mainly for our customers.

How has it helped my organization?

This solution improves security. There is a new law in the Dominican Republic, where I am from. The central bank has ordered the banks to improve their security through a law. ISE is one of the start points for those organizations to start improving their security.

The solution gives us a way to provide a professional security solution to our customers.

What is most valuable?

They provide you multiple ways to achieve security, not only on-prem, but also when you have remote and guest workers. Especially post-pandemic, a lot of our customers have remote workers. So, it has been really helpful.

Its resilience gives you a better security posture. Cybersecurity resilience is very important. Security is one of the main things in my country enforced by law.

What needs improvement?

Profiling is a really good feature. However, it sometimes is a challenge for customers when there are issues with the remediation part. I would add a built-in remediation solution. That would be a very nice feature.

For how long have I used the solution?

I have been using the solution for six to seven years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is very scalable. You can install several nodes in order to scale the solution.

How are customer service and support?

The technical support is really good. I would rate them as 10 out of 10. You need to know how to work with the tech support. If you don't know how to work with them, then it won't work.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have been working for 15 years with Cisco as a Cisco partner. We like the Cisco solutions.

How was the initial setup?

The deployment is complex. It takes four or five to deploy it.

What about the implementation team?

Deployment takes a skilled technician. The customer's help is always needed since we need to integrate Active Directory. 

What was our ROI?

Our customers see ROI. They feel more confident about their operations. It gives them time to do other things in order to be more profitable.

What's my experience with pricing, setup cost, and licensing?

It has a fair price. It is better than it was before.

Which other solutions did I evaluate?

We have seen Aruba ClearPass, but it is not that common in the Dominican Republic.

What other advice do I have?

Organizational leaders should do constant analysis of their security posture, in order to be improving every day.

I would rate them as eight out of 10 because of the remediation feature.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller/Integrator
PeerSpot user
Buyer's Guide
Cisco ISE (Identity Services Engine)
March 2024
Learn what your peers think about Cisco ISE (Identity Services Engine). Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Senior Network Engineer at a tech consulting company with 11-50 employees
Real User
Acts as a network access control solution and mitigates a lot of potential attack factors
Pros and Cons
  • "I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case."
  • "Cisco ISE's real-time data analytics for database logging could be improved."

What is our primary use case?

We primarily use Cisco ISE as a network access control solution. We do a lot of quarantine actions from our CSOC. We use the AnyConnect VPN by setting multiple deployments for dedicated purposes, where we use it to provide wireless.

How has it helped my organization?

Cisco ISE has brought a level of visibility that my organization hadn't had beforehand. At the same time, it has mitigated a lot of potential attack factors and brought in a sense of control in the hardware during the onboarding process.

What is most valuable?

I found the CMDB Direct Connect in Cisco ISE 3.2 the most promising feature for my use case. We have a lot of wired map devices and having an externally approved source to validate if a machine is legitimate or approved to be on the network is extremely valuable for us. It helps make the whole process of authorizing endpoints quick.

What needs improvement?

Cisco ISE's real-time data analytics for database logging could be improved. Earlier, you didn't have direct read access to the database. You'd have to rely on logs through some other sources like Splunk and be able to put everything that you want together. Being able to review logs in real-time, customized to your filtering, adds a lot of context and visibility.

For how long have I used the solution?

I have been using Cisco Identity Services Engine for about four and a half years.

What do I think about the stability of the solution?

I do not like the stability of Cisco ISE in the virtual environment. That might have been more of an underlying host issue rather than an ISE issue. But we've moved to hardware right now, and I wouldn't have looked back. The next place we're looking to explore is potentially in the cloud, but that's still up in the air because our environment is not small. We're one of the larger 700,000-plus endpoints.

What do I think about the scalability of the solution?

Cisco ISE's scalability is nice. However, not many people can deploy Cisco ISE in a very large environment. In other words, there are no large environments that are hitting around 100,000 plus clients for active concurrent sessions. If you're trying to create multiple deployments to distribute the workload evenly, I don't like that there's no centralized management platform for Cisco ISE. You still have to go into each deployment and do your configuration.

How are customer service and support?

From my account team, I rate Cisco ISE's technical support ten out of ten. However, from a tech perspective, if I'm talking to tech level one, tech tier one, or tech tier two, I'd have to give it a six out of ten. Once you start getting into the more advanced tiers and even the business units, the support goes through the roof.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've always worked with Cisco ISE. However, in my organization, there's another part of my infrastructure where they use Forescout. The way Forescout implements a NAC solution differs vastly from how Cisco ISE does it. The way Cisco ISE does it is more ingrained in the whole radius process and enhances the security features on a switch or wireless line controller.

Our organization chose to go with Cisco ISE instead of Forescout because, holistically, the solution checked all the boxes needed for a NAC solution.

How was the initial setup?

I was not involved in our organization's first iteration of Cisco ISE. We've since migrated and modernized our Cisco ISE deployment, and I've been heavily involved in that. 

The ease of deployment depends on the environment you're deploying in, understanding what use cases you have out there, and understanding what kind of endpoints you're exposed to or exposing your network.

Overall, Cisco ISE's initial setup is not overly complicated right now. But since our organization is moving into a multi-vendor or managed services contract, we're bringing in many vendors like Meraki, Juniper Mist, Aruba, and Fortinet. That's when things get complicated because they don't all use the same type of authorization results.

What about the implementation team?

We implemented Cisco ISE in our organization directly through Cisco. My experience with Cisco has been phenomenal because they listen. We've run into many technical issues, but they've been at our beck and call and have been there to support us to a point where they've rushed certain fixes. We've had a couple of engineering specialits because of things we've encountered. They worked hard for us.

What was our ROI?

The product is positive regarding a return on investment, considering the cost we're bringing in for Cisco ISE's deployment versus the value we're adding to the environment.

What's my experience with pricing, setup cost, and licensing?

According to my sales and account team, the prices we're getting are pretty good. I wouldn't say they're the manufacturing or listed price by any means, but we do a lot of business with them. So the price points that they're coming in at are pretty manageable.

What other advice do I have?

When it comes to securing our infrastructure from end to end so that we can detect intermediate threats, a lot of it has to do with integrating Cisco ISE with other products. For example, Cisco ISE primarily deals with either the access layer or remote connections. However, when you start integrating it with other things like titration or secure network analytics, you can get a bigger grasp of the overall picture. When you bring other security teams into it, they can start creating their policies, alerts, etc. They can start automating some of the incident mitigations and stuff like that.

My use case is a little bit different in that there's no end to our work. There are a lot of other business groups within my organization that aren't complying with what the network security policy should be. So I have to reach out to them and get them to use a dot1x protocol or ensure that their stuff is in our CMDB database.

We're in a big migration and shift in our overall security policy. So there's a lot of moving aspects going on right now. However, as we start getting things moved into an MDM, as we start getting things moved into using a dot1x protocol, we can get an active identity of an endpoint.

Cisco helps reduce the amount of staff we have to chase down and figure out what kind of policies should be implemented. We can then incorporate our onboarding process into that, preventing unauthorized devices from connecting in or at least be reassured that if anything that we haven't had any chance to look at connects in, we can deny it with confidence. Down the road, it'll alleviate a lot of the time and planning we're doing right now.

My organization is a bit different. I've tried to get them onto the posture feature of Cisco ISE, but they're pursuing other vendors for that. We've decided to incorporate through a pxGrid integration with other applications such as Tanium, Forescout, or whatever application my security organization uses. They can pull contacts from the Cisco ISE endpoint and then be able to issue a quarantine action to Cisco ISE on that particular endpoint.

Overall, I rate Cisco ISE ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Network Engineer II at a healthcare company with 10,001+ employees
Real User
Top 20
Offers enhanced network access control, serves as our first line of defense for access, and scales exceptionally well
Pros and Cons
  • "Cisco ISE scales exceptionally well."
  • "Sometimes, there are instances when Cisco ISE simply fails to function without any apparent reason, and regardless of the investigation we undertake, the logs indicate that everything is functioning properly, making it somewhat inexplicable."

What is our primary use case?

We are on-prem at twelve separate sites with one main node.

We utilize Cisco ISE for authenticating both our employees and residents at our senior care center. We authenticate them either against LDAP or our network.

How has it helped my organization?

Cisco ISE provides us with enhanced network access control, allowing us to manage the VLAN assignments for both our residents and employees. Additionally, Cisco ISE enables us to exercise control over the devices permitted to connect to our network.

I am not aware of the extent to which we leverage Cisco ISE to remediate threats, but it serves as our first line of defense for access. It has been extremely beneficial. Our clientele consists of senior residents, and having some level of control over the devices they connect to the network has had a significant impact. 

Cisco ISE has helped to free up the time of our IT team for other projects.

What needs improvement?

Sometimes, there are instances when Cisco ISE simply fails to function without any apparent reason, and regardless of the investigation we undertake, the logs indicate that everything is functioning properly, making it somewhat inexplicable. However, after a while, it spontaneously begins functioning again. Therefore, I believe it is not a widespread problem, but when it does occur, it can be quite frustrating.

The support specifically for Cisco ISE has room for improvement.

For how long have I used the solution?

I have been using Cisco ISE for two years, and the company has been utilizing the solution for ten years.

What do I think about the stability of the solution?

For the most part, Cisco ISE is stable, good, and functional. However, when it fails, we are left clueless as to the reason behind it, and that's the frustrating aspect.

What do I think about the scalability of the solution?

Cisco ISE scales exceptionally well. However, we have encountered issues while updating to the latest version. It is a significant endeavor due to the extensive scope of our deployment. Nevertheless, I believe this challenge is not unique to us; it appears to be primarily related to the scale of the deployment. Currently, we have nearly 15,000 devices.

How are customer service and support?

The times I've had to contact technical support for Cisco ISE, the experience has been somewhat unsatisfactory. I get the feeling that, at least on the surface, they perform tasks that I can do myself, such as reviewing the logs and identifying the issues. Moreover, given the integration of Cisco ISE with various network components, it's difficult to confine troubleshooting solely to that aspect. Therefore, I desire improved support specifically for Cisco ISE. I would rate the support for Cisco ISE as a six out of ten, whereas for other products in their portfolio, it would receive a nine out of ten.

How would you rate customer service and support?

Neutral

What's my experience with pricing, setup cost, and licensing?

I am not aware of the current price for Cisco ISE, but considering it is a Cisco product, it is likely to be quite high. However, I do not have control over the checkbook.

Which other solutions did I evaluate?

We evaluated Aruba ClearPass, which was something we considered. However, since we are committed to Cisco throughout our infrastructure, we didn't believe it was worthwhile to replace it with another solution without being certain that it would be better than Cisco ISE.

Aruba ClearPass had a slightly better reputation among the people we surveyed in our industry. We frequently compared it to how college campuses manage their systems because our use case is very similar. In terms of functionality, I believe it was mostly the same. The key difference seemed to be the level of stability.

What other advice do I have?

I give Cisco ISE an eight out of ten. Without knowledge of how the other implementations or competing offerings function, I believe Cisco ISE performs admirably in its intended role. Moreover, I am aware that without it, we would encounter significantly greater challenges. Therefore, I consider it to be great.

Our organization utilizes Cisco products extensively, which, in my opinion, is the reason behind the organization's decision to choose Cisco ISE.

I believe we would have a much more open network if it weren't for Cisco ISE. We would be restricted to only using PSKs, and we wouldn't have a true understanding of what our residents are connecting to the network. I think that's likely the most significant aspect of the implementation.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr. Architect at a pharma/biotech company with 10,001+ employees
Real User
Top 20
You can easily find rogue endpoints
Pros and Cons
  • "One of the advantages is that you can easily find rogue endpoints. For example, if you don't want to allow any endpoints where you don't know the people plugging into what kind of devices, ISE can give you a big, clear picture, e.g., what kind of endpoints are getting connected to your network. That is one of the advantages."
  • "Cisco could improve the GUIs on their hardware."

What is our primary use case?

Cisco Identity Service Engine (ISE) is used mostly for endpoints. If you want to know the profiling and what endpoints are connecting to your company, then ISE is a good solution because it has built-in signatures. Therefore, it knows what kinds of devices are getting added into the network.

You can install it with any cloud provider, e.g., AWS or Azure.

You can install ISE locally. If your site is critical, like in manufacturing, you need to make sure that ISE is a part of the local site. Usually, people install data centers, but you can also install at critical sites.

How has it helped my organization?

One of the advantages is that you can easily find rogue endpoints. For example, if you don't want to allow any endpoints where you don't know the people plugging into what kind of devices, ISE can give you a big, clear picture, e.g., what kind of endpoints are getting connected to your network. That is one of the advantages.

From our company perspective, or any company perspective, you need to be PCI compliant and follow HIPAA laws. Therefore, ISE is really instrumental from a cybersecurity perspective. You need to comply if you are PCI compliant and utilizing credit card transactions. ISE can help you become compliant from that perspective.

What is most valuable?

There is a new trend: a zero-trust kind of architecture. If a company really wants to improve their security, ISE can upscale the security in their network by creating an access policy. This ensures that if the device is not allowed to access something then ISE won't let that device access that resource. This is mostly for segmentation security.

What needs improvement?

Cisco could improve the GUIs on their hardware.

For how long have I used the solution?

I have been using Cisco ISE for about seven or eight years.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

You can scale your ISE. You can use ISE for a company of any size: for a small company, a mid-size company, or a large company. ISE can be installed in a cluster-distributed environment. Thus, there is a lot of scalability and resiliency when using ISE.

I would rate the scalability as eight or nine out of 10.

How are customer service and support?

Cisco support is awesome. I would rate them as eight or nine out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not previously use another solution.

How was the initial setup?

Initially, it is always challenging. Once you get the gist of the deployment, it becomes normal and straightforward afterwards.

Definitely make sure you install ISE in a distributed fashion. Make sure there is a lot of high availability. Otherwise, if your ISE goes down, then you won't be able to authenticate your endpoint. It is better to install ISE in a high availability solution.

What was our ROI?

We have definitely seen ROI as we are getting compliant. When you are compliant, you get fewer fines from PCI and those types of organizations. 

What's my experience with pricing, setup cost, and licensing?

It is not that pricey.

Which other solutions did I evaluate?

We have Zscaler, but it is not operating in the same zone as ISE.

What other advice do I have?

Use ISE if you want to build more resilience within your organization.

I would rate the solution as eight or nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Adam Boldin - PeerSpot reviewer
Network Architect at Tarrant Regional Water District
Real User
Top 10
Helps us protect our SCADA systems by segmenting them from the rest of the network
Pros and Cons
  • "The endpoint profiling feature is among the most valuable because it keeps me from having to manually maintain a MAC address bypass list to track endpoints. I can have ISE profile them for me and then put them in the right bucket."
  • "I'd like to see the logging be a bit more robust in terms of what it has baked in. If I want to do any in-depth searching, I have to export all the logs to an external platform like Elastic or LogRhythm and then parse through them myself. It would be nice if I could find what I want, when I want it, on the platform itself."

What is our primary use case?

We use it for wired .1x, wireless authentication, VPN, and multi-factor authentication. We wanted to have a consistent experience for authentication and authorization of endpoints across the network, as well as security.

How has it helped my organization?

As a water utility organization, we're considered critical infrastructure by the feds. Everyone needs water. So it's important for us to protect our industrial control systems, our SCADA systems. ISE helps us do that by segmenting them off from the rest of the network.

And by eliminating trust, it helps us with audits, including CJIS because we have a law enforcement division, and trying to conform to the NIST standards. A lot of government agencies are becoming more familiar with the Zero Trust model and ISE makes our audits go a lot faster and a lot smoother than they used to.

What is most valuable?

The endpoint profiling feature is among the most valuable because it keeps me from having to manually maintain a MAC address bypass list to track endpoints. I can have ISE profile them for me and then put them in the right bucket.

In addition, ISE really adopts and is strong in the Zero Trust model where we consider everybody a foreign endpoint until they prove they belong on the network. ISE just seems to be built from the ground up to do that, whereas with other solutions, you have to "shoehorn" that in.

I also rate it pretty highly for securing access to our applications and network. If you have the good fortune of being a total Cisco shop, you can utilize SGTs, end to end, across the network. It can be a little tricky to get working, but once it does, it creates quite a consistent experience for any endpoint, even if it moves anywhere in the network.

What needs improvement?

I'd like to see the logging be a bit more robust in terms of what it has baked in. If I want to do any in-depth searching, I have to export all the logs to an external platform like Elastic or LogRhythm and then parse through them myself. It would be nice if I could find what I want, when I want it, on the platform itself.

For how long have I used the solution?

I've been using Cisco ISE (Identity Services Engine) for 10 years.

What do I think about the stability of the solution?

Now, the stability is pretty good. I've been working on it since the product launched and it was a bit sketchy. Its current state is really good right now.

The only thing we have run into was a bug when we ran virtual appliances, but that turned out to be an issue with our storage networking QoS policies. That wasn't really an ISE problem, it was more of a storage problem.

What do I think about the scalability of the solution?

In terms of supporting a distributed network, it's pretty powerful. You can stand it up and cluster it and it scales out pretty well. You can put nodes wherever you want to service authentication requests. We're able to scale up or out and we can choose how and when we do that with either virtual or physical machines, meaning it's very flexible. 

It scales quite well. One of the things that Cisco is good at is keeping things pretty simple when you want to scale it. If you want to scale up, you get stronger admin and monitoring nodes. If you want to scale out, you get more policy service nodes. It's quite easy to stand them up, really anywhere, if you use virtuals.

We use it around our Fort Worth campus, which has about half a dozen buildings. By the end of the summer, we'll have it deployed to all of the rest of our five campuses. We have about 30 remote locations across 12 counties in North Texas and they're all using ISE. It works out pretty well.

We have it on-prem right now, but we are moving to a hybrid cloud platform on Azure for a lot of our applications, so we're starting to do proofs of concept with ISE in Azure.

How are customer service and support?

TAC is pretty good. I would definitely suggest getting their solution support, which provides higher maintenance. That way, when you do get someone, you get someone who knows what they're doing. If you get the higher level of support, you get some really smart people who can fix things pretty quickly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used to use Aruba ClearPass. It was somewhat clunky to use and it didn't integrate well with third-party platforms. If you used Aruba, it worked great. If you didn't use Aruba, and were pointing things at ClearPass, it had some issues. We found that ISE typically handled things a little bit better. We could point anything at ISE and take care of it.

How was the initial setup?

The initial deployment was pretty straightforward. It's very simple to just turn the box on and plug into it. You go through a couple of settings and then you can log in to the GUI and pull in all the other nodes that you want.

After the gear came in, it took us about a day to deploy it. I started by implementing it at the local campus. That way, if I broke anything, I could just walk down the hall and not have to drive anywhere.

I stood up the first cluster, and then it was another engineer and me who worked on deploying it out to all the buildings. We started out in monitor mode, to see what it would do if we had turned it on. Once we had remediated anything that looked like it was authenticating incorrectly on the wired network, we went to closed mode and that's where we are now.

What was our ROI?

Return on investment falls in line with the business vision of securing our resources and protecting them against cyber attacks and nation-state attacks. It's hard to put a monetary value on clean water.

What's my experience with pricing, setup cost, and licensing?

Licensing is a disaster. It's a mess and I hope they fix it soon.

Which other solutions did I evaluate?

In addition to ClearPass, we looked at Forescout. At the time we looked at Forescout, it was more of an inline product and we weren't looking to add more infrastructure between parts of the network to try to do inline authentications. It seemed easier to do it on the switch ports and have them talk to ISE.

What other advice do I have?

It's a very strong platform, especially now that we're on version 3.1. It's definitely my go-to. I would recommend it over any other NAC platform.

It requires a lot of technical knowledge to actually get it off the ground and running. It's not quite as intuitive as it could be, but it's still a solid platform.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Romildo Junior - PeerSpot reviewer
IT Business Manager at Telefónica
Real User
Top 10
Simple, works well, and has a lot of features
Pros and Cons
  • "It's scalable."
  • "The price here in Brazil is very expensive."

What is our primary use case?

This solution provides access to the employees of the company.

What is most valuable?

It works. It is simple. It works very well. We have a good strategic setup. We are very happy with the solution and we have no problem using Cisco ISE solutions.

The solution is stable.

It's scalable. 

What needs improvement?

I'm not working in the IT team. I'm working the sales team. While there are a lot of features that we could improve in our organization, I can't speak to the exact changes that should be made.

We'd like to be able to integrate the product with our solutions. Sometimes we face some infrastructure where there are multiple vendors and sometimes the ISE is not the best tool to manage multiple vendor infrastructure. 

The price here in Brazil is very expensive. 

Configurations can be a bit complicated. 

Sometimes we have problems integrating logs into SIEM solutions. We have to deliver some logs to a SIEM secret platform, and sometimes it does not work well. It would be better if we had better integration or a better way to deliver the logging SIEM platforms.

For how long have I used the solution?

I've been using the solution for five to six years. 

What do I think about the stability of the solution?

The stability is good. There are no bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

We have no problem with the management of our infrastructure when we need more accountability from the platform. Scalability was fine. There is no problem.

We have 6,000 people in Brazil using the solution. 

How are customer service and support?

I consider technical support to be perfect. Anytime that I have problems with shifting solutions, they work well with me and I have no problems with working with them.

Which solution did I use previously and why did I switch?

I'm a reseller from Fortinet and Cisco solutions. I also have experience with Check Point. 

How was the initial setup?

I can't speak to how the setup goes. I'm not working directly in deployment. What I've heard from my customers, for example, is that it is not difficult to set up, however, it may be to run all the features.

What I've heard is the first setup is very, very easy and to do some adjustments is very easy, however, when you want to go further in the configuration, that could be a bit easier.

What's my experience with pricing, setup cost, and licensing?

I can't speak to the exact pricing of the product.

What other advice do I have?

I work with various versions of the solution. 

We're resellers.

Others should know it's a very good solution, very stable. There are a lot of features, and it is a secure solution. It's the first solution that we indicate to our customers and most of the time, the decision of the customer is to deploy a Cisco product. 

I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Network Engineer at a comms service provider with 10,001+ employees
Real User
We can identify what's going on in the logs and that helps identify problems more quickly
Pros and Cons
  • "RADIUS is the best feature because it supplies authentication to our entire campus."
  • "The knocks I have against the product are the number of bugs that we encounter, constantly, and the amount of upgrading that we have to do."

What is our primary use case?

We currently use it for RADIUS and TACACS authentication, but we're moving to SD Campus Fabric. We're tying that in with DNA Center, making it flow with the wireless and authentications at the port, using .1X. That's where we're headed.

We have a 10-node deployment: two PSNs, four dedicated to TACACS and RADIUS, two dedicated to guest WiFi, and two dedicated to pxGrid.

How has it helped my organization?

While it doesn't give us a single pane of glass, it helps identify problems more quickly. You can identify what's going on in the logs most of the time.

Also, ISE, working with DNA Center, provides a trust set. It's very important to us that the solution considers all resources to be external, so that we know who is connecting, when and where, at all times; we're not just trusting you because you're internal.

What is most valuable?

At the moment, RADIUS is the most valuable feature for us. We haven't really opened it up yet, so RADIUS is the best feature because it supplies authentication to our entire campus.

Also, when it comes to securing access to applications and the network, that goes hand-in-hand with fully developing ISE, implementing .1X, tying in DNA Center, and enabling TrustSec to look at SGTs and figure out who's who and what is what.

What needs improvement?

The knocks I have against the product are the number of bugs that we encounter, constantly, and the amount of upgrading that we have to do.

For how long have I used the solution?

I have been using Cisco ISE (Identity Services Engine) for about five years.

What do I think about the stability of the solution?

Because of the numerous bugs we've been hit with, on a scale of one to 10, the stability is a four or five.

What do I think about the scalability of the solution?

In theory, the scalability is great, if it all works.

We have six 17-floor buildings, and had a little more than 1,500 users on campus, pre-COVID. ISE is providing access and authentication for everyone who uses the WiFi and it helps us get into our devices.

How are customer service and support?

TAC is moving a little slowly with respect to the technology. They're not keeping up. When you call in with a question, you get 10 questions fired back at you, and it just goes round and round until you figure it out.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used ACS.

What's my experience with pricing, setup cost, and licensing?

If you're not going through an agreement, it's very expensive.

Which other solutions did I evaluate?

We didn't evaluate other options. We're a Cisco shop.

What other advice do I have?

Do a deep dive. If you're a Cisco shop you really don't have a choice. It's the direction they're moving in. Cut your teeth with it and don't rely on outside sources to implement it. Implement it yourself so you know how to troubleshoot it and move forward. If you use outside sources, as soon as they leave, you're left holding the bucket and you don't understand what's going on.

I see the theory behind ISE and if we can get it to gel in our environment, it will be a beautiful thing.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Cisco ISE (Identity Services Engine) Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024
Buyer's Guide
Download our free Cisco ISE (Identity Services Engine) Report and get advice and tips from experienced pros sharing their opinions.